Xiaohongshu Popular Account Recommendations (小红书热门账号推荐)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Xiaohongshu ranking tool, but it needs review because it can create recurring subscriptions or calendar automation without clearly defined user controls.

Install only if you are comfortable storing a Redfox API key, sending Xiaohongshu ranking queries to redfox.hk, and generating local HTML reports. Before enabling subscriptions, confirm the exact category, frequency, delivery destination, and how to cancel or review the recurring task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to use environment secrets, make outbound network requests, and write HTML files, but it does not declare any permissions or provide user-visible disclosure/consent boundaries for those capabilities. This creates a trust and governance gap: a user may invoke what appears to be a simple ranking query skill without realizing it will access API keys, contact a third-party service, and create local artifacts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The declared description presents a ranking/analysis tool, but the documented behavior expands to third-party API access with authentication, file/report generation, structured data persistence, and automatic date/query interpretation. This mismatch can mislead users and reviewers about the actual attack surface, increasing the chance that sensitive credentials, outbound data flows, or persistent outputs are enabled without informed approval.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad, common expressions such as generic ranking or recommendation terms, which can cause unintended activation on unrelated user requests. Accidental invocation matters here because the skill can perform external API calls, generate files, and prompt follow-on actions, so overbroad matching increases the likelihood of unauthorized or surprising behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill pushes users toward creating recurring subscriptions/calendar tasks and even instructs immediate follow-up prompting, but it lacks a clear, explicit consent and risk disclosure flow before creating persistent automations. This can lead to unwanted recurring actions, notification spam, or long-lived tasks being created with insufficient user understanding of cadence, scope, and data access.

VirusTotal

66/66 vendors flagged this skill as clean.